API Deployment

Django Settings Best Practices

Source: djangostars - Configuring DJango Settings

When considering the management of Django settings, there are some key issues to consider:

• Different environments: Often a project will have several different environments for dev, production, qa, etc.
• Sensitive data: Every Django project has a SECRET_KEY. There are also API keys which should be kept secret and safe.
• Sharing settings between team members: human error can be eliminated by standardizing settings for projects.
• Django setting are a Python code: instead of key-value pairs, settings.py can sometimes require tricky logic.

Let’s examine popular approaches to handling settings:

settings_local.py

The oldest method, settings_local.py is used to extend environment-specific settings.

Pros:

• Settings don’t end up in VCS

Cons:

• Chance of losing whatever environment settings are in settings_local.py
• Settings_local.py might have non-obvious logic, on account of being Python
• You’ll need to include a settings_local.example in order to share default configurations.

Separate settings file for each environment

This involves creating a settings package, with various environment settings in their own modules.

When taking this approach, a settings will need to specified when running a project:

python manage.py runserver --settings=settings.local

Pros:

• All environments are in VCS.
• Easy to share settings between devs

Cons:

• Still need to find a good way to handle secrets
• Settings inheritance can get hard to trace/maintain

Environment variables

Environment variables solve the sensitive data problem, but can be clunky to work with and require manual typing.

They can be accessed via os.environ.

But wait, does Django have a thing?

Yes.

django-environ

django-envron is a merge of the following tools:

• envparse
• honcho
• dj-database-url
• dj-search-url
• dj-config-url
• django-cache-url

Here’s an example of settings using django-environ:

#from djangostars:

import environ


root = environ.Path(__file__) - 3  # get root of the project
env = environ.Env()
environ.Env.read_env()  # reading .env file

SITE_ROOT = root()

DEBUG = env.bool('DEBUG', default=False)
TEMPLATE_DEBUG = DEBUG

DATABASES = {'default': env.db('DATABASE_URL')}

public_root = root.path('public/')
MEDIA_ROOT = public_root('media')
MEDIA_URL = env.str('MEDIA_URL', default='media/')
STATIC_ROOT = public_root('static')
STATIC_URL = env.str('STATIC_URL', default='static/')

SECRET_KEY = env.str('SECRET_KEY')

CACHES = {'default': env.cache('REDIS_CACHE_URL')}

And the associated .env file:

Also from djagnostars:

DEBUG=True
DATABASE_URL=postgres://user:password@db.example.com:5432/production_db?sslmode=require
REDIS_CACHE_URL=redis://user:password@cache.example.com:6379/1
SECRET_KEY=Some-Autogenerated-Secret-Key

Best Practices

• Keep settings in environment variables
• Write default values for production configuration
• Don’t hardcode sensitive settings
• Split settings into groups
• Follow naming conventions for custom settings

SSH Tutorial

Source: Hostinger Tutorials - How Does SSH Work

What is SSH

SSH (Secure Shell) is a remote administration protocol that allows users to control and modify remote servers over the internet.

How to use

On Linux and Mac, using SSH is simple. Go to the terminal, and use the following command:

$ ssh {user}@{host}

This tells the system at {host} that you want to login as {user}. You will prompted for a password. If submitted password is correct you will be greeted by a remote terminal window. That’s it!

SSH sessions are securely encrypted, using a combination of symmetric encryption, asymmetric encryption, and hashing.

Additional Resources

• WhiteNoise docs (middleware)
• Wikipedia - Infrastructure as a service
• Wikipedia - Platform as a service
• Wikipedia - Cross-origin resource sharing (CORS)